v0.15.0

governance-policy-framework-addon v0.15.0

• The released image is quay.io/open-cluster-management/governance-policy-framework-addon:v0.15.0

What's Changed

• Set the cluster namespace on OperatorPolicy dependencies by @mprahl in #147
• Trigger status-sync reconciles when spec-sync sees mismatching status by @mprahl in #148
• Update kubernetes-dependency-watches to v0.8.1 by @mprahl in #149
• Use controller-runtime to protect metrics endpoint by @zyjjay in #150
• Update to Go v1.22 by @dhaiducek in #152
• Sync common Makefile by @dhaiducek in #153
• De-duplicate objects to watch by @JustinKuli in #154

Full Changelog: v0.14.0...v0.15.0

v0.14.0

governance-policy-framework-addon v0.14.0

• The released image is quay.io/open-cluster-management/governance-policy-framework-addon:v0.14.0

What's Changed

• Record template-sync compliance events in compliance history API by @mprahl in #122
• Replace unmaintained release action by @dhaiducek in #121
• Filter Events for compliance status by Policy UID by @dhaiducek in #123
• Address CVE-2024-24786 by @dhaiducek in #124
• Run framework tests on OCM PRs by @zyjjay in #125
• Various stability fixes and reduce log noise by @mprahl in #126
• Fix template sync set to Nomcompliant when context cancel by @yiraeChristineKim in #127
• Sync common Makefile by @dhaiducek in #128
• Prevent duplicate disabled compliance events by @mprahl in #129
• Start and stop the Gatekeeper status sync controller dynamically by @mprahl in #130
• Add a launch.json for local development by @mprahl in #131
• Move the disabled events recording outside of spec-sync by @mprahl in #132
• Use the admin kubeconfig for the e2e-debug Make target by @mprahl in #133
• Use the dependency watcher cache in gatekeeper-constraint-status-sync by @mprahl in #134
• Bypass the caching of constraint templates by @mprahl in #135
• Handle template errors better by @JustinKuli in #136
• Upgrade controller-runtime to 0.17.3 by @JeffeyL in #137
• Detect the correct error for resource not found by @mprahl in #138
• Report Pending status despite hub template error by @JustinKuli in #139
• Set the parent policy to NonCompliant when there is a duplicate name by @mprahl in #140
• Upgrade addon-framework to 0.9.3. by @xuezhaojun in #141
• Update Go packages by @dhaiducek in #142
• Update to UBI9 by @dhaiducek in #143
• Handle the default value for recreateOption by @mprahl in #144
• Modify equivalentTemplates for OperatorPolicy complianceConfig defaults by @JeffeyL in #145
• Use a valid compliance state in a test by @JustinKuli in #146

New Contributors

• @xuezhaojun made their first contribution in #141

Full Changelog: v0.13.0...v0.14.0

v0.13.0

governance-policy-framework-addon v0.13.0

• The released image is quay.io/open-cluster-management/governance-policy-framework-addon:v0.13.0

What's Changed

• Undo the template duplication check update by @gparvin in #90
• Enable concurrent reconciles, QPS, and burst configurations by @zyjjay in #91
• Update log calls to be more consistent by @JustinKuli in #92
• Update packages by @dhaiducek in #93
• Remove the requirement on k8s.io/[email protected]+incompatible by @mprahl in #94
• Fix test panic by @dhaiducek in #95
• Refactor controller set up logic to expose cache access by @zyjjay in #96
• Sync common Makefile by @dhaiducek in #97
• fix nil reference when hub-only controllers are disabled by @zyjjay in #98
• Update cache filtering granularity to align with SA permissions by @zyjjay in #99
• Fix the cache configuration for controller-runtime 0.16 by @mprahl in #100
• Prevent panic when using the managed-cluster-configfile argument by @mprahl in #101
• Sync common Makefile by @dhaiducek in #102
• Update the kubernetes-dependency-watches library by @mprahl in #104
• Use SA for E2E by @zyjjay in #103
• Handle policy dependencies of Gatekeeper types by @JustinKuli in #105
• Update the error to detect when the server only has v1beta1 CRDs by @mprahl in #107
• Update to Go v1.21 by @dhaiducek in #108
• Sync common Makefile by @dhaiducek in #109
• Fix requeue when Kind is missing by @dhaiducek in #110
• Sync common Makefile and Dependabot by @dhaiducek in #112
• Bump the github-actions group with 2 updates by @dependabot in #113
• Record compliance events on the compliance events history API by @mprahl in #111
• Simplify GitHub Action workflows by @dhaiducek in #114
• Sync common makefile by @dhaiducek in #115
• Use token authentication for the compliance history API by @mprahl in #116
• Add a log message when an event is recorded on the compliance API by @mprahl in #117
• Upgrade common Makefile by @dhaiducek in #118
• Stop retrying to record invalid compliance events by @mprahl in #119
• Record compliance events in the compliance history API with nanoseconds by @mprahl in #120

New Contributors

• @dependabot made their first contribution in #113

Full Changelog: v0.12.0...v0.13.0

v0.12.0

governance-policy-framework-addon v0.12.0

• The released image is quay.io/open-cluster-management/governance-policy-framework-addon:v0.12.0

What's Changed

• Bind logs to make uninstall logging work by @dhaiducek in #68
• Bump controller-runtime to 0.15.0 by @clyang82 in #70
• Bug: Creating two policy templates with the same name succeeds by @yiraeChristineKim in #69
• Explicitly enable CGO by @mprahl in #73
• Remove ConfigMap permissions by @dhaiducek in #74
• Allow informonly configuration policies by @zyjjay in #75
• Reduce memory utilization of caching events by @mprahl in #78
• Bug: ACM-6632, parent policy cannot override remediationAction if unset in policy template by @zyjjay in #77
• Allow uninstall mode to be cancelled by @JustinKuli in #80
• ACM-3160: Invalid policy-templates array syntax leads to policy_system_errors_total incrementing by @JeffeyL in #79
• Remove duplicated compliance in Gatekeeper synced policy message by @zyjjay in #76
• Fix template sync duplicate detection by @gparvin in #82
• Bug: ACM-6803, Incorrect Policy does not show any validation errors and no status by @JeffeyL in #83
• Adjust the error to check for the ConstraintTemplate CRD missing by @mprahl in #84
• Fix RegEx to allow any character in a template name by @dhaiducek in #86
• Add back name label to deployment by @dhaiducek in #87
• Patch args when redeploying controller by @dhaiducek in #88
• Move status check to Eventually() by @dhaiducek in #89

New Contributors

• @zyjjay made their first contribution in #75
• @JeffeyL made their first contribution in #79

Full Changelog: v0.11.0...v0.12.0

v0.11.0

governance-policy-framework-addon v0.11.0

• The released image is quay.io/open-cluster-management/governance-policy-framework-addon:v0.11.0

What's Changed

• Clean up policy templates that have been removed from the parent policy by @willkutler in #28
• Remove get permission for CRDs by @willkutler in #31
• Add watch for CRD to role by @willkutler in #32
• Recover owner references that are removed from policy templates by @willkutler in #30
• Remove the dependency watches when a policy is deleted by @mprahl in #34
• Implement syncing for ConstraintTemplates by @dhaiducek in #33
• Set parent policy label on template when updating by @willkutler in #35
• Add the Gatekeeper constraint status sync controller by @mprahl in #36
• Ignore gosec failures for SHA1 usage by @mprahl in #38
• Re-fetch the hub policy prior to sending an update by @dhaiducek in #37
• Perform discovery API calls only as needed by @mprahl in #39
• Update the dependency watch client by @mprahl in #40
• Wait for the namespace to be deleted in case 17 by @mprahl in #42
• Disable the Gatekeeper controller when run in old Kubernetes clusters by @mprahl in #41
• Conditionally clean up Gatekeeper Constraints by @dhaiducek in #43
• 3329 finalizer cleanup by @JustinKuli in #44
• Stop resetting the policy template compliance when already reset by @mprahl in #47
• Make conflicted object template error more readable by @willkutler in #46
• Stop updating on every reconcile when pruneObjectBehavior is not set by @mprahl in #48
• Add flag to disable Gatekeeper sync by @dhaiducek in #49
• Get deployment name from environment variable by @JustinKuli in #51
• Update release regex by @dhaiducek in #53
• Reset the complianceState when Pending by @JustinKuli in #54
• Synchronously emit template events by @JustinKuli in #56
• Update OWNERS by @gparvin in #58
• GoSec fixes and improvements by @JustinKuli in #59
• Stop setting the Gatekeeper constraint as compliant without audit results by @mprahl in #60
• Bug: Policy compliance status is truncated by @yiraeChristineKim in #61
• Check v1beta1 CRD for policy template label by @JustinKuli in #62
• Upgrade: Go v1.20 and packages by @dhaiducek in #63
• Correct to Pending status after late events by @JustinKuli in #64
• Update event to include real status by @clyang82 in #65

New Contributors

• @gparvin made their first contribution in #58
• @yiraeChristineKim made their first contribution in #61
• @clyang82 made their first contribution in #65

Full Changelog: v0.10.0...v0.11.0

v0.10.0

governance-policy-framework-addon v0.10.0

• The released image is quay.io/open-cluster-management/governance-policy-framework-addon:v0.10.0

What's Changed

• Add dynamic watches for dependencies by @JustinKuli in #8
• Handle when a policy doesn't have dependencies by @mprahl in #10
• Set pending state on policies if dependencies are not met + remove template by @willkutler in #11
• Fix a bug where the /healthz endpoint pointed to underlying /readyz by @mprahl in #13
• add kind to pending status by @willkutler in #14
• emit pending on mapping error by @willkutler in #16
• Clusternamespace for dep watches by @JustinKuli in #18
• Set "oldest" tag in Makefile; Bump to K8s v1.19 by @dhaiducek in #19
• Handle ignorePending differently by @JustinKuli in #21
• Add OCM doc link by @dhaiducek in #20
• Expose metrics by @JustinKuli in #22
• Add template-sync metrics by @dhaiducek in #23
• Update kubernetes-dependency-watches to v0.1.1 by @mprahl in #24
• Unowned template panic by @JustinKuli in #29

New Contributors

• @willkutler made their first contribution in #11

Full Changelog: v0.9.0...v0.10.0

v0.9.0

governance-policy-framework-addon v0.9.0

• See the CHANGELOG for more details.
• The released image is quay.io/open-cluster-management/governance-policy-framework-addon:v0.9.0